Amazon Linux 2 : python3 (ALAS-2025-2762)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2762 advisory. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as globally...
Amazon Linux 2 : emacs (ALAS-2025-2757)
The version of emacs installed on the remote host is prior to 27.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2757 advisory. In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2025-850)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-850 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.load_shed_points.http1_server_abort_dispatch...
Amazon Linux 2023 : apache-commons-compress, apache-commons-compress-javadoc (ALAS2023-2025-841)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-841 advisory. When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to moun...
Amazon Linux 2 : python3 (ALAS-2025-2754)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2754 advisory. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 ...
Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2025-844)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-844 advisory. .NET and Visual Studio Remote Code Execution Vulnerability CVE-2025-21172 .NET Elevation of Privilege Vulnerability CVE-2025-21173 .NET, .NET Framework, and Visual Studio Remote Code Execution...
Amazon Linux 2 : python-pillow (ALAS-2025-2768)
The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2768 advisory. PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote...
Amazon Linux 2 : python-ipaddress (ALAS-2025-2761)
The version of python-ipaddress installed on the remote host is prior to 1.0.16-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2761 advisory. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as...
Amazon Linux 2 : gsl (ALAS-2025-2758)
The version of gsl installed on the remote host is prior to 1.15-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2758 advisory. GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is...
Amazon Linux 2 : glib2 (ALAS-2025-2767)
The version of glib2 installed on the remote host is prior to 2.56.1-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2767 advisory. GLib's GVariant deserialization prior to GLib 2.74.4 failed to validate the input conforms to the expected format, leading ...
Amazon Linux 2 : grub2 (ALAS-2025-2756)
The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2756 advisory. GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...
Amazon Linux 2023 : grub2-common, grub2-efi-aa64, grub2-efi-aa64-cdboot (ALAS2023-2025-847)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-847 advisory. GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. CVE-2024-56737 Tenable has extracted the preceding description block directly...
Medium: python3
Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 There ...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method CVE-2024-49860 In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API bus_register CVE-2024-50055 Affecte...
Medium: python3
Issue Overview: A defect was discovered in the Python "ssl" module where there is a memory race condition with the ssl.SSLContext methods "cert_store_stats" and "get_ca_certs". The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContex...
Low: gsl
Issue Overview: GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs. CVE-2024-50610 Affected Packages: gsl Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...
Medium: python-jwcrypto
Issue Overview: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot o...
Important: glib2
Issue Overview: GLib's GVariant deserialization prior to GLib 2.74.4 failed to validate the input conforms to the expected format, leading to denial of service. CVE-2023-29499 GLib's GVariant deserialization prior to GLib 2.74.4 is vulnerable to a slowdown issue where a crafted GVariant can cause...
Important: emacs
Issue Overview: In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs ...